# AppArmor profile for maddy daemon.
# vim:syntax=apparmor:ts=2:sw=2:et
#
# Confines the maddy binary to its configuration, runtime and state
# directories, TCP and Unix sockets, and the systemd notify socket.
# Rules are additive: a path gets the union of every rule that matches it.

# Global tunables (variable definitions shared by all profiles).
#include <tunables/global>

# Named profile, attached to /usr/bin/maddy and /usr/local/bin/maddy.
profile dev.foxcpp.maddy /usr{/local,}/bin/maddy {
  # Baseline runtime access plus the TLS certificate and key abstractions.
  # NOTE(review): ssl_keys presumably grants read access to the system's
  # private-key locations, not only maddy's own keys; confirm that this
  # breadth is intended for the deployment.
  #include <abstractions/base>
  #include <abstractions/ssl_certs>
  #include <abstractions/ssl_keys>
  /etc/ca-certificates/** r,

  # Read-only system files: resolver configuration, the listen backlog
  # limit and the transparent huge page size.
  /etc/resolv.conf r,
  /proc/sys/net/core/somaxconn r,
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
  # Explicit deny: takes precedence over any allow rule, including ones
  # added through the local override at the end of the profile.
  # NOTE(review): plain deny rules are not logged; use "audit deny ptrace,"
  # if rejected ptrace attempts should appear in the audit log.
  deny ptrace,
  # Permits binding to ports below 1024 without running as root.
  capability net_bind_service,
  # Only TCP and Unix-domain sockets are allowed by this file.
  # NOTE(review): no UDP rule is visible here; if name resolution is
  # expected to use UDP, confirm that an included abstraction or the
  # local override provides it.
  network tcp,
  network unix,

  # systemd process management and Type=notify
  # NOTE(review): peer=unconfined accepts signals from any unconfined
  # process, subject to the usual Unix permission checks.
  signal (receive) peer=unconfined,
  signal (receive) peer=/usr/bin/systemd,
  # Datagram Unix sockets to any abstract address (addr=@*), plus write
  # access to the notify socket path.
  unix (create, connect, send, setopt) type=dgram addr=@*,
  /run/systemd/notify w,

  # Configuration is read-only and has no owner restriction.
  /etc/maddy/** r,
  # Runtime and state directories: access only to files owned by the
  # process's own user. k = file locking, l = hard links.
  owner /run/maddy/ rw,
  owner /run/maddy/** rwkl,
  owner /var/lib/maddy/ rw,
  owner /var/lib/maddy/** rwk,
  # Database WAL and shared-memory files additionally get m (mmap).
  # NOTE(review): m permits executable mappings, and the rule above lets
  # the same owner write these files; confirm the mapping is required.
  owner /var/lib/maddy/**.db-{wal,shm} rmk,

  # Helper binaries: P = switch to the helper's own profile if one is
  # loaded, U = otherwise run unconfined; upper case scrubs the environment.
  # NOTE(review): a helper without a profile escapes this confinement, so
  # the directory should be writable by root only and each helper should
  # ideally ship its own profile.
  /usr{/local,}/lib/maddy/* PUx,

  # The daemon may re-execute itself or run maddyctl; ix keeps the child
  # under this same profile.
  /usr{/local,}/bin/maddy{,ctl} rmix,

  # Optional site-local additions. These can only widen the policy (explicit
  # deny rules aside), so review that file together with this one.
  #include if exists <local/dev.foxcpp.maddy>
}